On Wed, May 24, 2023 at 07:58:36AM +0800, Kent Gibson wrote:
> On Tue, May 23, 2023 at 05:51:01PM +0200, Bartosz Golaszewski wrote:
> > When a GPIO device is forcefully unregistered, we are left with an
> > inactive object. If user-space kept an open file descriptor to a line
> > request associated with such a structure, upon closing it, we'll see the
> > kernel crash due to freeing unexistent GPIO descriptors.
> >
>
> > @@ -1565,17 +1571,21 @@ static ssize_t linereq_read(struct file *file, char __user *buf,
> >
> > static void linereq_free(struct linereq *lr)
> > {
> > + struct gpio_device *gdev = lr->gdev;
> > unsigned int i;
> >
> > for (i = 0; i < lr->num_lines; i++) {
> > if (lr->lines[i].desc) {
> > edge_detector_stop(&lr->lines[i]);
> > - gpiod_free(lr->lines[i].desc);
> > + down_write(&gdev->sem);
> > + if (gdev->chip)
> > + gpiod_free(lr->lines[i].desc);
> > + up_write(&gdev->sem);
Ummm, taking another look at the oops I sent you, the crash actually
occurs in edge_detector_stop():
May 23 11:47:06 firefly kernel: [ 4216.877056] Call Trace:
May 23 11:47:06 firefly kernel: [ 4216.877512] <TASK>
May 23 11:47:06 firefly kernel: [ 4216.877924] irq_domain_deactivate_irq+0x19/0x30
May 23 11:47:06 firefly kernel: [ 4216.878543] free_irq+0x257/0x360
May 23 11:47:06 firefly kernel: [ 4216.879056] linereq_free+0x9b/0xe0
May 23 11:47:06 firefly kernel: [ 4216.879608] linereq_release+0xc/0x20
May 23 11:47:06 firefly kernel: [ 4216.880230] __fput+0x87/0x240
May 23 11:47:06 firefly kernel: [ 4216.880744] task_work_run+0x54/0x80
That free_irq() call is in edge_detector_stop() (which apparently is inlined),
not in gpiod_free().
So pretty sure this patch doesn't even solve my problem, but I will test
it to confirm.
Cheers,
Kent.
Re: [PATCH] gpio: cdev: fix a crash on line-request release
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH] gpio: cdev: fix a crash on line-request release
- From: Kent Gibson <warthog618@xxxxxxxxx>
- Date: Wed, 24 May 2023 10:09:42 +0800
- In-reply-to: <ZG1TLBsOy4mZQlW3@sol>
- References: <20230523155101.196853-1-brgl@bgdev.pl> <ZG1TLBsOy4mZQlW3@sol>
- Follow-Ups:
- Re: [PATCH] gpio: cdev: fix a crash on line-request release
- From: Kent Gibson
- Re: [PATCH] gpio: cdev: fix a crash on line-request release
- References:
- [PATCH] gpio: cdev: fix a crash on line-request release
- From: Bartosz Golaszewski
- Re: [PATCH] gpio: cdev: fix a crash on line-request release
- From: Kent Gibson
- [PATCH] gpio: cdev: fix a crash on line-request release
- Prev by Date: [brgl:gpio/for-next] BUILD SUCCESS 6d255623d7982df54a8b1bd4eea8a71b21de43fd
- Next by Date: [brgl:gpio/for-current] BUILD SUCCESS 3002b8642f016d7fe3ff56240dacea1075f6b877
- Previous by thread: Re: [PATCH] gpio: cdev: fix a crash on line-request release
- Next by thread: Re: [PATCH] gpio: cdev: fix a crash on line-request release
- Index(es):
 |